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CLAiMS 

1 . A method of distributing data comprising: 

(a) encrypting a plurality of data units each with one of a sequence of 

5 keys; 

(b) communicating encrypted data units to a pluraiity of user terminals; 

(c) communicating at least one seed value to a user terminal; 

id] generating from the seed value or values a sequence of keys greater in 
number than the number of seed values communicated to the user terminal; and 

|,10 (e) decrypting data units at the user terminal using the said sequence of 

keys, characterised in that in step <d) a sequence of keys constituting an arbitrarily 

H doubly bounded portion of the sequence of keys of step (a) is generated, and in that 
the position in sequence of the lower and upper bounds of the said portion are 

^ " determined by the at least one seed value communicated in step (c). 

lU 

2. A method according to claim 1 , in which the sequence of keys used in step 
W (a) is generated by: 

O (3) operating on one or more initial seed values and generating a greater 

number of intermediate seed values, which intermediate seed values 
20 blind the initial seed values: 

(b) further operating on the values produced by the preceding step and 
generating thereby a still greater number of further values, which further 
values blind the values produced by the preceding step; 

(c) Iterating step (B) until the number of values produced is equal to or 
25 greater than the number of keys required for step (a). 

3. A method according to claim 1 or 2, in which step <d) includes combining values 
derived from a plurality of different seed values. 



30 



4. A method according to claim 1 or 2 or 3, in which step (d) includes operating on 
a plurality of seed values with each of a plurality of different blinding functions. 
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5. A method according to Claim 4, including: 

(t) operating on at least one root seed value with each of a set of different 
5 blinding functions thereby producing a plurality of further values; 

(II) operating with each of the set of different blinding functions on the 
further values produced by the preceding step or on values derived therefrom; 

(III) Iterating step (II) and thereby producing, by the or each iteration, a next 
successive iayer in a tree of values; 

llO (iV) m step (a), using as the sequence of keys values derived from the 

sequence of seeds in one or more of the layers produced by step (III); and 

(V) in step (c), communicating to a user terminal at least one value from 
l;3 within the body of the tree, the position in the tree of the or each value 
! communicated to the user terminal thereby determining the position and extent of the 
J 5 portion of the sequence of keys available to the user for use in decrypting data units. 

]^ 6. A method according to claim 5 including. In step (I) 

C3 (•) operating with the set of different blinding functions on plurality of 

different seed values 

20 (ii) for each of the different blinding functions, combining the result of 

operating with one blinding function on one of the seed values and the 
result of operating with the same or another blinding function on 
another of the respective seed values, thereby producing a plurality of 
further values. 

25 

7. A method according to claim 3, in which step (d) includes 

(I) combining first and second values derived from respective first and 
second blinding function chains, thereby producing a first next seed or 
key, the first and second blinding function chains having different 

30 respective seeds 

(II) combining a value derived from a position in the first chain subsequent 
to the position of the first value and a value derived from a position in 
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the second chain preceding the position of the second value, thereby 
producing a further next seed or key value. 

8. A method according to claim 7, including iterating step (If) thereby producing 
.5 further key values, in each iteration values from positions subsequent to the previous 

position in the first chain and preceding the previous position in the second chain 
being combined. 

9. A method according to any one of the preceding claims in which the seed 
A O values are communicated to the user terminals, via a communications network. 

Si 

10. A method according to claim 9 in which the seed values are communicated 
from a plurality of key management nodes to customer terminals. 

15 11. A method of encrypting data for distribution comprising: 

(a) operating on at least one root seed value with one or more blinding 
functions, thereby producing a plurality of further values; 

(b) operating with one or more blinding functions on the further values 
produced by the preceding step or on values derived therefrom; 

20 (c) iterating step |b) and thereby producing, by the or each iteration, a next 

successive layer in a tree of values; 

(d) encrypting a plurality of data units using a sequence of key values 
derived from one or more of the layers generated by step (c). 

25 1 2. A method of communicating data to a group of users comprising: 

(a) encrypting data for distribution; 

(b) systematically and Independently of group membership changes 
changing a key used in encrypting the data for distribution; 

(c) communicating the data to the users; and 

30 (d) at the users' terminals decrypting the data, characterised by generating 

from a number of initial seed values a greater number of intermediate seed values, 
and deriving from the intermediate seed values the plurality of keys used in 
encrypting the data for distribution. 
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13. A method according to claim 12, in which every possible sui>set of the 
sequence of keys is derivable from a respective combination of seed values. 

5 14. A method according to any of the preceding claims, in which each encrypted 
data unit carries an unencrypted index number to identify to any receiver which key 
in the sequence should be used to decrypt that data unit. 

15. A method according to any of claims 1 to 14 where the seeds required by any 
HO receiver to construct the keys for a specific sub-range of the entire key 

Q sequence are communicated in an order that implicitly identifies each seed. 

O 16. A method according to any of the preceding claims, in which multiple data 
senders use the same sequence of keys as each other to encrypt the same or 
= 1 5 different data units, 

= y 

]M. A method according to any of the preceding claims, in which each key in the 

Q sequence generated from the seeds is used as an intermediate key to be combined 
with another intermediate key or sequence of keys to produce a sequence of keys to 
20 encrypt or decrypt the data units. 

18. A method of distributing data comprising encrypting a plurality of data units 
each with one of a sequence of keys and communicating the encrypted data units to 
a plurality of user terminals, characterised in that the sequence of keys is generated 
25 and allocated to application data units in accordance with a key construction 
algorithm, and in that copies of the key construction algorithm are distributed to a 
plurality of key managers so that, in use, receivers may obtain keys for access to an 
arbitrary portion of the data from a key manager without reference to any data 
sender or senders. 



30 



1 9. A method of operating a user terminal comprising: 

a) receiving a plurality of data units encrypted with a sequence of 
keys; 
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b) receiving onm or more seed values; 

c) generating from the one or more seed values an arbitrarify^ doubly 
bounded key sequence larger in number than the number of seeds 
received in step (bl; and 

d) decrypting the application data unit? using the values generated in 
5t6p (c) or valuer derived . therefrom. 



hi 



20. A key manager comprising means aranged to operate ia-accordance with the 
10 method of claim 18, , . . 

21 , A customer terminal comprising means arranged to operate In eccoidance 
with the method of claim 19. 

1 5 22. A communications network comprising -means^ arranged to operate by 
method in accordance with the method of any one pf- claims j -to .19.. , . ' . . . : 

23. A network acconding to claim 22, in which the data i3..distf!buted. using a. 
multicast or broadcast transmission mode. 

20 ... ' 

24., A network according to claim 22 or 23, In which the network. Includes a 
virtual private network (VPN) and in which different-combinations^jaf . seeds for 
constmcting different sub-ranges of keys for decrypting data give members of the 
Virtual pnvata network different periods of access to the VpN-, - . . 

25 

25, A data carrier storing a plurality of data units encrypted for us« in a method 
according to eny one of claims 1 to 19. 
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